package com.example.security.controller;

import com.example.security.domain.User;
import com.example.security.service.UserService;
import jakarta.annotation.Resource;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;

@RestController
@RequestMapping("/user")
public class UserController {

    @Resource
    public UserService userService;

    //    @PreAuthorize("hasAuthority('ADMIN')")  // 有这个权限才能访问
    @PreAuthorize("hasRole('ADMIN') and authentication.name == 'admim'")
    @GetMapping("/list")
    public List<User> getList() {
        return userService.list();
    }

    // 创建用户
    @PostMapping("/add")
    @PreAuthorize("hasAuthority('USER_ADD')")
    public void add(@RequestBody User user) {
        userService.saveUserDetails(user);
    }
}